Technology2026-07-02 · 2 min read
GitHub’s AI week is really about control
GitHub’s latest changelog reads like a feature sprint, but the bigger story is quieter: AI coding tools are moving from “try this assistant” to governed infrastructure inside softw
GitHub’s latest changelog reads like a feature sprint, but the bigger story is quieter: AI coding tools are moving from “try this assistant” to governed infrastructure inside software teams.
On July 1, GitHub made browser tools for Copilot in VS Code generally available, meaning agents can open pages, click, type, read page content, collect console errors, and test live web apps. The important detail is not just capability. It is boundary-setting: user-opened tabs stay private unless shared, agent tabs run in isolated sessions, and admins get controls for enabling browser tools and restricting network domains.
That same day, Copilot vision became generally available across Copilot Chat in VS Code, github.com, and the Copilot CLI. Developers can attach images and PDFs, and GitHub says the feature is on for all Copilot subscribers. For teams debugging UI states, architecture diagrams, or PDF specs, that shifts more project context into the assistant workflow.
The admin layer is catching up
The most practical updates are governance-shaped. GitHub Enterprise Cloud customers can now use a centrally maintained managed-settings.json file to define AI standards for clients such as VS Code and Copilot CLI. A related update lets enterprise admins set Copilot’s model to auto by default for new conversations, while still allowing users to switch models per conversation.
GitHub also added AI credit session limits for Copilot CLI and the Copilot SDK in public preview. That matters for unattended automation: a scriptable agent that can spend credits, spawn subagents, and keep working in the background needs a governor, not just a dashboard after the fact.
Open source teams should read the whole bundle
This is not only an enterprise AI story. GitHub also put open source license compliance into public preview on June 30, giving eligible enterprise customers ruleset-based checks that can block noncompliant dependencies before merge. On July 1, public monitoring for secret scanning entered public preview, watching public GitHub content for leaked secrets tied back to an enterprise.
The takeaway for maintainers: agentic development is becoming normal, but so are the guardrails around it. The winning workflow is not “turn on every AI feature.” It is: define where the agent can browse, what it can spend, what model policy applies, and which supply-chain checks block risky code before it lands.
Sources: GitHub Copilot browser tools, Copilot vision, managed-settings.json, AI credit session limits, open source license compliance, secret scanning public monitoring.
The Daily Brief
Get the Daily Brief
Stories like this — every side, one short morning email. Free.